Bookmarks List |
| Display Mode : One Cat | | by Cats Grouped | by Alpha Not Grouped |
<< Start < Prev 1 [2] 3 4 Next > End >>
Results: 51 - 100 of 166
|
|
|
| HTTP 1.0, HTTP 1.1 specifications and more |
RFC specifications of Hypertext Transfer Protocol version 1.0 and 1.1. These pages help understanding how the protocol works, and might give clues how to build your own tools that discuss with web-servers. There are also other RFC's that are related |
502 |
|
| httprint |
HTTPrint is a tool that does identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by either patching the binary, by modules suc |
562 |
|
| httpush  |
HTTPush aims at providing an easy way to audit HTTP and HTTPS application/server security. It supports on-the-fly request modification, automated decision making and vulnerability detection through the use of plugins and full reporting capabilities.
|
747 |
|
| httrack |
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
|
780 |
|
| |
|
|
|
| icat.nist.gov |
ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information. It is based on CVE. This might come handy when doing vulnerability asse |
473 |
|
| IDS logs in forensic analysis |
This article shows how valuable IDS-logs can be in analyzing a break-in. Alan Neville shows the reader how to dissect snort logs with tcpdump & ethereal. Good read if you want some detailed commenting on the packet dumps. |
517 |
|
| iis lockdown and urlscan |
This explains pretty well how to install these two on a windows-box, providing good information about best practices for IIS. URLScan is useful when the URLs for the website is mostly easy, thus very dynamic sites could deny themselves. |
528 |
|
| Incident and forensics articles |
SecurityFocus keeps all incident-related articles in one place for easy read. The areas range from forensics to incident response and has also entertaining stories related to these. There are some good articles in there, I recommend reading these if
|
585 |
|
| Incident response tools for unix (part 1) |
This is a three-part serie on tools that can be used on unix-based systems when doing incident response and forensics investigations. It takes on tools for OpenBSD, Solaris & Linux-based systems. It also explains what these tools can be used for with |
509 |
|
| Incident response tools for unix (part 2) |
This is a three-part serie on tools that can be used on unix-based systems when doing incident response and forensics investigations. It takes on tools for OpenBSD, Solaris & Linux-based systems. It also explains what these tools can be used for with |
491 |
|
| IP spoofing introduction |
This OK paper touches IP & TCP, as these are vital ones in understanding what IP spoofing really is about. The paper kindly explains several scenarios and why these are possible. The technique does not allow for anonymous Internet access, which is a |
667 |
|
| isc.incidents.org |
This is the Internet Storm Center. The site gets data around the world and maps the most attacked ports on the internet. They also provide analysis information about worms, virii & exploits when these get wide-spread. You can also find some news on t |
475 |
|
| ISECOM |
It has created OSSTMM (OpenSource Security Testing Methodology Manual) and SPSMM (Secure Programming Standards Methodology Manual) and other resources. It has a very good tool-list that fits a security specialist's toolbox. Worth checking out. The si |
573 |
|
| IT baseline protection manual |
This is a manual that digs in into lots of security policies. Worth checking out if you're planning security policies for your company. The manual is really huge and touches lots of surfaces that you probably have never thought of. Check it out. |
778 |
|
| IT security cookbook |
This site hosts the IT Security Cookbook. This book aims to touch various issues from policies to more technical level information like firewalls and respective topologies. The technical part doesn't go THAT deep that it would give hands-on informati |
578 |
|
| ITS 4 |
Cigital has released a C/C++ source-code analyser that scans for possible vulnerabilities. Might be useful in automating the process of auditing C/C++ code and useful for programmers themselves.
|
457 |
|
| |
|
|
|
| John the ripper |
John the Ripper is a password-cracking tool that can use wordlists and brute-force. The tool is available for unix, dos & windows. It also has plugins for other schemes, like cracking NTLM hashes.
|
550 |
|
| |
|
|
|
| Kismet |
Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any 802.11b wireless card whic |
479 |
|
| |
|
|
|
| Layer 2 sniffing |
This paper explains three different attacks that can be performed against a switched network. These attacks are ARP cache poisoning, CAM table flooding and switch port stealing. It also gives countermeasure recommendations against these.
|
548 |
|
| Legal & Regulatory |
Sarbanes-Oxley (SOX)—Impact on Security In Software
By Keith Pasley, CISSP |
948 |
|
| Lilith |
It works as an ordinary webspider and analyses any grabbed webpages. It dissects forms and if requested, inject special characters that have a special meaning to any underlying platform.
|
580 |
|
| |
|
|
|
| Memfetch |
Memfetch is a handy utility for dumping the memory of a running process. helping you recover information that would otherwise be lost, and making it easier to check the integrity or internals of a running process. Also, the page contains lots of othe |
597 |
|
| Microsoft technet security |
Microsoft has a security-area in the Technet-section of it's site. Here you can find howto-guides & checklist for various stuff, latest hotfixes & servicepacks. You also find a good tool called hfnetcheck that can be used for determining if some patc |
613 |
|
| mieliekoek |
Mieliekoek.pl is a SQL insertion crawler which tests all forms on a web site for possible SQL insertion problems. This script takes the output of a web mirroring tools as input, inspecting every file and determine if there is a form in the file.
|
612 |
|
| Milw0rm exploit resource |
Good resource for Proof of Concept exploit code. http://www.milw0rm.com
milw0rm is a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. The attack generated heated debate on the security of information in a world prevalent with countries developing nuclear weapons, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with teenagers willing and able to break into insecure international websites.
http://en.wikipedia.org/wiki/Milw0rm
|
130 |
|
| |
|
|
|
| nemesis |
Nemesis is a packet injection suite that supports protocols ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP. This might be a good tool for enumerating a network consisting of firewalls, routers and so on.
|
613 |
|
| Net calculator |
This site has a neat network calculator. It might come useful to people like me who don't understand how netmasks really affect to the amount of IP's in a subnet (or how to calculate this).
|
498 |
|
| Netcat |
Netcat is a multipurpose tool that you can utilize for many things. I recommend this tool warmly, as in my opinion, its good :) |
655 |
|
| Network security library |
This is a network security library. It has lots of FAQs, articles and papers hosted. It also covers some "books" that are available in digital format. I see this as a good resource, as the stuff on the site is quite good quality. You can find informa |
493 |
|
| Networking guide |
This site holds an excellent guide to networking. It basically covers the network topologies, protocols, hardware, routing, addressing and lots more. A very good network resource, that gets you in the loop in no time ;) There is more out on the web, |
1'266 |
|
| Neworder.box.sk |
New Order hosts lots of tools and keeps track of exploits. It is also posting security-info and lots of articles. From here you might find the right tool, paper or exploit to get you going with the task you have. |
628 |
|
| Nikto |
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 2000 potentially dangerous files/CGIs, versions on over 130 servers, and problems on over 200 servers. This software uses RFP's Li |
528 |
|
| NIST publications |
This page holds the special publications of NIST that are mainly guidelines. You can find lots of interesting information from here that can be useful, for example you can find tips for securing public webservers, information about IDSes and so on.
|
506 |
|
| nmap port scanner |
Here you can find Fyodor's NMAP-tool that you can use to portscan targets. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on th |
520 |
|
| NO RID |
|
421 |
|
| NSA hardening guides |
NSA has released security guides for NT, W2K, XP & Cisco. The configurations they suggest are pretty anal, so if you need some heavy security, these guides are something to look at. A word of warning, thought. Implementing some features might break y
|
621 |
|
| |
|
|
|
| openBSD packet filtering guide |
A very nice resource for OpenBSD's packet filter. There is lots of example-rules and explanations of the inner workings of PF. A recommended site if you use OpenBSD as your firewall. |
483 |
|
| oracle row level security |
In this article serie Pete Finnigan explains what the row level security feature in Oracle database is, and how it is used for added security. He also explains how to audit these policies. |
614 |
|
| Oracle security testing |
This site has loads of links to Oracle-related security papers, giving lots of information about how to test the security of Oracle databases & how to secure them. Very good resource if you got a database to secure or audit. |
659 |
|
| oss.coresecurity.com |
Core Security offers some components used in CORE IMPACT to the community for free. These are written in Python and covers packet capture, assembly code and network protocol dissection and build. |
608 |
|
| OWASP |
The Open Web Application Security Project (OWASP) is developing software tools and knowledge based documentation that helps people secure web applications and web services. They have a TOP-10 list of most common web-application programming mistakes a |
501 |
|
| |
|
|
|
| patchfinder 2 |
PatchFinder2 is a W2K-utility for detecting W2K-based rootkits that work via DLL-injection or kernel-level attacks. Might be very useful if you suspect a break-in. |
545 |
|
| PC assembly tutorial |
PC Assembly Tutorial tries to give clues how to program in assembly-language and work as a primer. This could be useful for people trying to understand exploits and possibly create them. |
629 |
|
| Pentesting for web applications (part 1) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
782 |
|
| Pentesting for web applications (part 2) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
678 |
|
| Pentesting for web applications (part 3) |
This three part article explains some web application behaviour and how that can be exploited. Good reading for penetration testers at it gives a good oversight of what web application hacking is basically about. |
683 |
|
| phenoelit router tools |
Phenoelit has lots of router specific enumeration and exploitation tools available that can be used to assess network specific stuff. They also have some brute-forcers for telnet, ldap & http. |
514 |
|
| Prismstumbler |
Prismstumbler is a wireless LAN (WLAN) which scans for beaconframes from accesspoints. Prismstumbler operates by constantly switching channels an monitors any frames recived on the currently selected channel. Prismstumbler will also find private netw |
472 |
|
| |
|
|
|
| qb0x.net |
This site publishes information about exploits & proof of concept material. They also post some papers on the site that are more related to hacking than securing stuff. The site has a forum available where exploits are discussed. Might be an interest |
563 |
|
| |
|
|
|
| razor.bindview.com |
RAZOR is a team of security researchers around the world. The site has lots of nice tools available and there are also lots of papers, presentations & advisories the group has made. Overally a c | |
by Alpha Grouped